Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Claude Cowork saved me countless hours renaming hundreds of old pictures.

A new GitHub project is trying to retrofit Apple's discontinued Time Capsule with modern SMB support. If this works, Time ...

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...